Insights Header image
Insights Header image
Insights Header image

Happy Data Privacy Week, Canada! 1st Edition

Jan 22, 2024 Publications 2 minute read

Data Privacy Day commemorates the signing of Convention 108 on Jan. 28, 1981, which was the first legally binding international treaty dealing with privacy and data protection. Since that time, privacy has grown in importance in Canada and around the world, and many countries now celebrate a full Data Privacy Week.

This year, the Office of the Privacy Commissioner of Canada has announced that Data Privacy Week will take place from January 22 to 26, and it has declared that the 2024 theme is “Take control of your data”.

Taking control of your data can have multiple meanings. For individuals this can mean taking a more proactive approach to learning about how organizations use their data and exercising choices available to them. However, many organizations also struggle with managing their data. Here are some tips that can help:

McMillan’s Top 5 Tips for Organizations to Take Control of their Data

  1. Data Mapping. In order to take control of data, organizations must first understand what data they process. This requires an examination of the types of data collected, how data is collected (and from where), locations where data is stored, with whom data is shared, how long data is kept, and how data is destroyed.
  2. Assign Roles & Responsibilities. Often data is mismanaged because stakeholders within the organization mistakenly assume that someone else will make sure that appropriate controls are in place and will be followed. Clearly assigning roles and responsibilities to specific individuals within the organization can help to ensure that policies and procedures for handling data are actually implemented, in practice.
  3. Establish a Compliance Structure. It is not uncommon to see massive disparities between how different departments, offices or divisions manage data, especially within large and complex organizations. Establishing a formal privacy and data protection compliance program enhances consistency in processes and helps to ensure that all relevant personnel understand how they should be handling data.
  4. Leverage Technological Solutions. People are critically important to organizations, but they can also be the weakest link in privacy and data security. Often technological solutions can be implemented to reduce human error and increase consistency in how data is handled. For example, a number of vendors offer solutions for access control, data subject rights requests, and automated data deletion. Although these tools can help organizations take control of their data, it is important to ensure that they are designed for compliance with Canadian requirements (not just US and EU laws).
  5. Implement Data Minimization. One reason that data sometimes gets out of control is that organizations accumulate a massive amount of data, much of which is unnecessary, outdated, and/or decentralized. Accumulating vast quantities of data gives rise to a number of privacy and data protection risks, including increased potential for misuse and enhanced costs and risks in the event of a breach. Proactively minimizing the data that your organization collects, and purging old data that is no longer useful, helps stop data from getting out of control. It also reduces data storage costs and facilitates legal compliance!

McMillan’s Privacy and Data Protection Team provides organizations with practical guidance to help our clients manage their data and navigate the complex framework of legal and regulatory requirements across Canada. Celebrate Data Privacy Week by reaching out to your McMillan advisor and to start the process of taking control of your data!

Insights (5 Posts)View More

Featured Insight

Double the Trouble: The BCCA Refuses to Strike Duplicative Class Actions Before Certification

Class action bulletin. Summary of InvestorCOM Inc. v. L'Anton, 2025 BCCA 40, a recent decision of the BCCA on the issue of duplicative class actions.

Read More
Feb 12, 2025
Featured Insight

Recent Developments in the Canadian Psychedelics Industry

This bulletin provides an update on recent developments in Canada's psychedelics industry.

Read More
Feb 12, 2025
Featured Insight

Company Ordered to Cease Using Facial Recognition Technology to Monitor Access to its Facilities: Overview of Quebec Privacy Regulator’s Decision

In this bulletin, we provide an overview of the Quebec privacy regulator's decision in ordering the Company to cease using its facial recognition technology.

Read More
Feb 11, 2025
Featured Insight

Significant Changes to the Québec Mining Regime are Now in Force

Significant amendments to the Québec mining regime tabled by the Government in the spring 2024 came into force late last year.

Read More
Feb 11, 2025
Featured Insight

Thumbs Up or Signed Deal? Court Affirms Emoji as Valid Acceptance of Agreement

We discuss the Saskatchewan Court of Appeal's decision on whether a “thumbs up” emoji sent through a text message is acceptance of a contract.

Read More
Feb 10, 2025